Site Navigation

Date:      Tue, 4 Dec 2001 10:47:08 -0500
From:      "Blake Crosby" <dev@samurai.com>
To:        <isp-webhosting@isp-webhosting.com>, <freebsd-isp@freebsd.org>
Subject:   Weird file in /root
Message-ID:  <JAEEIJKIHAONENKPFCCPIEKFCBAA.dev@samurai.com>

---

next in thread | raw e-mail | index | archive | help

---

I am somewhat concerned at this file I found:

7524 -rwsr-sr-t  1 root  wheel          0 Nov 30 16:41:10 2001
/root/gA /‚ø1•ÁÊý)�­OK×R®	éiz
)ÄW*NåÐ8gÜ?–a^'´¢%ß¾¹úž‰¯¾t�ñeu¨?*!Š‡!צX¤R¬mÎÚsü:ö™|eŸ¿K"G	Çò

I did delete the file as soon as I found it, since the setUID bit was
active. I am thinking that this machine has been comprimised - but I am not
sure how.

Any pointers on how about I should go investigating this situation?

Blake


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?JAEEIJKIHAONENKPFCCPIEKFCBAA.dev>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact